Field of the Invention
The present invention relates to a security setting of an apparatus.
Description of the Related Art
In recent years, multifunction peripherals have become connected to a network not only to simply print and transmit image data but also to store image data and provide file service functions for personal computers (PCs). As a result, the multifunction peripherals have functions almost similar to those of other server apparatuses existing on a network.
PCs and server apparatuses (file servers and authentication servers) connected to a network in an office are required to be operated according to a security policy defined by each office. As employed herein, a security policy refers to basic guidelines on security of the entire company. In a broader sense, a security policy includes security measure standards and individual specific implementation procedures. More specifically, a security policy refers to definitions of guidelines for preventing unintended use of information, intrusion from outside, and leakage of secrets. Examples of the guidelines include who is allowed to read which piece of information, which operation is permitted to whom, and data to be encrypted.
Having a lot of functions as a server apparatus, recent multifunction peripherals are also required to adhere to a security policy similar to server apparatuses. As employed herein, adhering to a security policy refers to imposing restrictions on security-related operations to prevent unauthorized use of an apparatus in an office and information leakage. This includes, for example, disabling guest use when operating an apparatus, and requiring communication path encryption.
A conventional multifunction peripheral can be operated to adhere to the security policy if the administrator operates several operation settings (hereinafter, referred to as user mode settings) of the apparatus. However, with conventional user mode settings, the administrator needs to properly set a large number of setting items. Unless the setting items are properly set, an operation violating the security policy may be practically permitted to threaten the security of the office.
In view of this, a system has been discussed in which a security policy can be set from outside in addition to the user mode settings. The security policy and the user mode settings are compared at startup time, and if it is determined that the settings can adhere to the security policy, the apparatus is permitted to start up (Japanese Patent Application Laid-Open No. 2009-230178).
In the conventional system, when a security policy is introduced, the user mode settings may violate the security policy. In such a case, the activation of a multifunction peripheral may cause a security risk such as information leakage and unauthorized use. To address the problem, the user mode settings need to be changed to adhere to the security policy. However, a multifunction peripheral has a large number of setting items for user mode settings, and it is difficult for the administrator to determine which settings to change to adhere to the security policy.
Take, for example, the apparatus discussed in Japanese Patent Application Laid-Open No. 2009-230178. If the user mode settings do not satisfy the security policy at startup time, the apparatus can be started up by the user changing the user mode settings to satisfy the security policy. However, if there are a large number of setting items for user mode settings to be made in a multifunction peripheral, it is difficult for the user to determine setting items to be changed to satisfy the security policy. Moreover, in the case of the apparatus discussed in Japanese Patent Application Laid-Open No. 2009-230178, even if the user mode settings satisfy the security policy at startup time, the user can change the user mode settings after startup, and the apparatus may be used with the security policy violated.